> -----Original Message-----
> From: Amin Tora [SMTP:[EMAIL PROTECTED]]
> Sent: Saturday, July 28, 2001 7:53 AM
> To: [EMAIL PROTECTED]
> Cc: 'Holland, Stephen'
> Subject: RE: [FW1] Time out for TCP handshake
>
>
>
> >Without using SynDefender, what is the default time Checkpoint 4.1 will allow
> >for the entire TCP handshake to take place before the firewall will close the
> >connection? Also what will be logged if the connection is dropped by
> >the firewall if the handshake is not finished?
>
> Stephen:
>
> During the initial TCP handshake (i.e. SYN, SYN/ACK, ACK) FireWall sets the
> timeout value for the connection in the state table to 60 seconds.
>
> You can edit this by editing a file $FWDIR/conf/objects.C with the following
> entry:
>
> :tcpstarttimeout (60)
>
> After the handshake is completed, the timeout is set to 3600 seconds if you
> haven't changed your default Policy->Properties: TCP timeout value...
>
> ...not sure what will be logged if the handshake is not completed or even IF
> anything will be logged at all...
[J. Hartmann]
When the timer of 60s goes down and after that the first ACK packet
is sent, your log will show: "Unknown established TCP packet."
> .peace.
>
> Amin Tora,CISSP
> ePlus Technology Inc.
>
>
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================
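
The two timers and the late-ACK log entry described in this thread can be traced with a small state-table model. This is an added illustration, not Check Point code and not from either poster; the class, method and verdict names are hypothetical, the sample connections are constructed, and the model assumes the caller passes the same connection key for both directions and ignores idle-timer refresh.

```python
# Simplified model of the state-table timers described in the thread.
# Not Check Point code; all names below are hypothetical.
TCP_START_TIMEOUT = 60   # ":tcpstarttimeout (60)" as quoted in the thread
TCP_TIMEOUT = 3600       # default TCP timeout quoted in the thread
LATE_ACK_LOG = "Unknown established TCP packet"


class StateTable:
    def __init__(self, start_timeout=TCP_START_TIMEOUT, tcp_timeout=TCP_TIMEOUT):
        self.start_timeout = start_timeout
        self.tcp_timeout = tcp_timeout
        self.entries = {}  # connection key -> [state, expiry time in seconds]

    def _expire(self, now):
        # Remove every entry whose timer has run out.
        for conn in [c for c, (_, exp) in self.entries.items() if now >= exp]:
            del self.entries[conn]

    def packet(self, now, conn, flags):
        """Process one packet; return (verdict, log message or None)."""
        self._expire(now)
        entry = self.entries.get(conn)
        if entry is None:
            if flags == "SYN":
                # New connection: the handshake timer starts here.
                self.entries[conn] = ["handshake", now + self.start_timeout]
                return ("accept", None)
            # Non-SYN packet with no matching entry: the late-ACK case.
            return ("no-entry", LATE_ACK_LOG)
        if entry[0] == "handshake" and flags == "ACK":
            # Handshake completed in time: switch to the long timer.
            entry[0], entry[1] = "established", now + self.tcp_timeout
        return ("accept", None)

    def expiry(self, conn):
        entry = self.entries.get(conn)
        return entry[1] if entry else None


def handshake(table, conn, ack_time):
    """Replay SYN at t=0, SYN/ACK at t=1 and the final ACK at ack_time."""
    table.packet(0, conn, "SYN")
    table.packet(1, conn, "SYN/ACK")
    return table.packet(ack_time, conn, "ACK")


if __name__ == "__main__":
    fw = StateTable()
    fast = ("10.0.0.5", 40001, "192.0.2.10", 80)   # constructed sample
    slow = ("10.0.0.6", 40002, "192.0.2.10", 80)   # constructed sample
    print(handshake(fw, fast, 2), fw.expiry(fast))
    print(handshake(fw, slow, 61), fw.expiry(slow))
```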